Quellcode durchsuchen

Remove access tokens in log headers (#842)

* Remove access tokens in log headers

* Update tests

* Replace token with [FILTERED]
Melanie Wang vor 3 Jahren
Ursprung
Commit
9cdf23faac

+ 4 - 0
lib/active_resource/detailed_log_subscriber.rb

@@ -3,6 +3,9 @@ module ActiveResource
   class DetailedLogSubscriber < ActiveSupport::LogSubscriber
     VERSION_EOL_WARNING_HEADER = 'x-shopify-api-version-warning'
     VERSION_DEPRECATION_HEADER = 'x-shopify-api-deprecated-reason'
+    SHOPIFY_ACCESS_TOKEN = 'X-Shopify-Access-Token'
+    FILTERED = '[FILTERED]'
+
     def request(event)
       log_request_response_details(event)
       warn_on_deprecated_header_or_version_eol_header(event)
@@ -17,6 +20,7 @@ module ActiveResource
     def log_request_response_details(event)
       data = event.payload[:data]
       headers = data.extract_options!
+      headers[SHOPIFY_ACCESS_TOKEN] = FILTERED
       request_body = data.first
 
       info("Request:\n#{request_body}") if request_body

+ 1 - 1
test/detailed_log_subscriber_test.rb

@@ -14,7 +14,7 @@ class LogSubscriberTest < Test::Unit::TestCase
     @ua_header = "\"User-Agent\"=>\"ShopifyAPI/#{ShopifyAPI::VERSION} " \
       "ActiveResource/#{ActiveResource::VERSION::STRING} Ruby/#{RUBY_VERSION}\""
     @request_headers = "Headers: {\"Accept\"=>\"application/json\", " \
-      "#{@ua_header}, \"X-Shopify-Access-Token\"=>\"access_token\"}"
+      "#{@ua_header}, \"X-Shopify-Access-Token\"=>\"[FILTERED]\"}"
 
     ShopifyAPI::Base.clear_session
     fake(